Bluehat – favorite quote && H.D., Metasploit and the iPhone

Halvar: One well-known researcher who goes by the name Halvar Flake called Vista "arguably the most secure closed-source OS available on the market," in a blog post about BlueHat. "As a result I think that most of the security researchers will move on to greener pastures for a while. Why try to chase a difficult overflow out of Vista when you have Acrobat Reader installed, some antivirus software with shoddy file parsing, and the latest iTunes?"

I am of course referring to H.D.'s interest in pwning the iPhone: http://blog.metasploit.com/2007/09/root-shell-in-my-pocket-and-maybe-yours.htmlMetasploit is well on its way to fully supporting the iPhone with its vast library of shellcode and exploits and offsets. It's very nice to see the security researchers taking such an interest in the product. 🙂 If I were Apple - I'd take note of the mention about the Office file format support built in to the phone . . . I'd start fuzzing Office documents and opening them using the converters built-in to the phone like . . . yesterday. Of course one would think that given today's security environment they would have fuzzed the snot out of Safari and the various wireless stacks - but that doesn't seem to have happened given the types of bugs fixed in the recent iPhone security update.